Data security investigation underway at Texthelp

At 11:14 am GMT on Sunday 11th February 2018, a JavaScript file which is part of the Texthelp Browsealoud product was compromised during a cyber attack. The attacker added malicious code to the file to use the browser CPU in an attempt to illegally generate cryptocurrency. This was a criminal act.

Phase One of the company’s internal technical investigation is complete and a data security incident action plan is underway. The criminal investigation continues and Texthelp is working with the National Crime Agency and The National Cyber Security Centre to pursue the investigation further.

Martin McKay, CTO and Data Security Officer said, “In light of other recent cyber attacks all over the world, we have been preparing for such an incident for the last year. Our data security action plan was actioned straight away and was effective, the risk was mitigated for all customers within a period of four hours.”

“Texthelp has in place continuous automated security tests for Browsealoud - these tests detected the modified file and as a result the product was taken offline. This removed Browsealoud from all our customer sites immediately, addressing the security risk without our customers having to take any action.”

Texthelp can report that this attacker did not attempt to extort or ransom money from Texthelp or Texthelp customers. The company has examined the affected file thoroughly and can confirm that no customer data has been accessed or lost. The file used the computer’s CPUs to attempt to generate cryptocurrency. The exploit was active for a period of four hours on Sunday.

The Browsealoud service has been temporarily taken offline as a precautionary measure to all customers. The security breach has already been addressed, however Browsealoud will remain offline until Thursday 15th February at 12:00 GMT. This is to allow time for Texthelp customers to learn about the issue and the company’s response plan.

This compromise has only impacted the Browsealoud service, no other Texthelp products have been affected in any way.

“Phase One of our internal investigation is complete and our customers have been notified. We are continuing to work with the National Crime Agency and the National Cyber Security Agency. An additional review will now be conducted by an independent security consultancy. The security of our products continues to be of the utmost priority for us, we are taking this very seriously and in light of this attack, we are strengthening our security systems further,” confirmed Martin McKay.